Blocked from internet, popups, redirects [Solved]


  • This topic is locked
35 replies to this topic

#1 wilma1313


Posted 21 December 2014 - 09:25 AM

Hi. I am being blocked from the internet using IE about half the time. I get a lot of popups, which wasn't a problem before, and I'm getting occasional redirects. AVAST is chiming in that it blocked a threat every couple of minutes; that began happening yesterday along with the internet blocking.

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-12-21 08:51:01
-----------------------------
08:51:01.026    OS Version: Windows x64 6.2.9200
08:51:01.026    Number of processors: 4 586 0x3C03
08:51:01.026    ComputerName: PURPLE  UserName: l
08:51:52.446    Initialize success
08:51:52.446    VM: initialized successfully
08:51:52.446    VM: Intel CPU BiosDisabled
08:51:55.244    VM: disk I/O iaStorA.sys
08:51:59.198    AVAST engine defs: 14122100
08:52:00.151    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
08:52:00.151    Disk 0 Vendor: ST2000DM001-1CH164 HP33 Size: 1907729MB BusType: 11
08:52:00.844    Disk 0 MBR read successfully
08:52:00.846    Disk 0 MBR scan
08:52:00.848    Disk 0 unknown MBR code
08:52:00.898    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
08:52:01.736    Disk 0 scanning C:\windows\system32\drivers
08:52:34.648    Service scanning
08:53:05.494    Modules scanning
08:53:05.498    Disk 0 trace - called modules:
08:53:05.882    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
08:53:05.886    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800bd5c060]
08:53:05.889    3 CLASSPNP.SYS[fffff88000af4e0a] -> nt!IofCallDriver -> [0xfffffa800979ab20]
08:53:05.892    5 ACPI.sys[fffff88000edfa91] -> nt!IofCallDriver -> [0xfffffa800975bbf0]
08:53:05.896    7 ACPI.sys[fffff88000edfa91] -> nt!IofCallDriver -> \Device\00000036[0xfffffa800ac547f0]
08:53:09.449    AVAST engine scan C:\windows
08:53:15.490    AVAST engine scan C:\windows\system32
08:55:18.240    AVAST engine scan C:\windows\system32\drivers
08:55:41.196    AVAST engine scan C:\Users\l
09:07:13.347    Disk 0 MBR has been saved successfully to "C:\Users\l\Desktop\MBR.dat"
09:07:13.350    The log file has been saved successfully to "C:\Users\l\Desktop\aswMBR.txt"
09:11:04.542    AVAST engine scan C:\ProgramData
09:12:32.707    Scan finished successfully
09:16:07.837    Disk 0 MBR has been saved successfully to "C:\Users\l\Desktop\MBR.dat"
09:16:07.842    The log file has been saved successfully to "C:\Users\l\Desktop\aswMBR1.txt"

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by l at 2014-12-21 09:16:57
Running from C:\Users\l\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File

==================== Restore Points  =========================

07-12-2014 03:00:33 Scheduled Checkpoint
10-12-2014 06:44:18 Windows Update
11-12-2014 13:19:38 Installed e-Sword.
16-12-2014 21:38:23 Windows Update
20-12-2014 12:40:31 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 23:26 - 2014-07-04 13:17 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4EE02507-526F-4BBE-B0F0-1A156EB6930E} - System32\Tasks\HPCeeScheduleForl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5285A5FC-9C0B-4B05-80AA-C7B537CDDB26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {7232C45B-0F67-4FC3-B0AC-ED65D5414393} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {784C093C-5ABC-43A6-B057-D2206F601A9E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {99F30CCB-5A7E-4740-99C3-45A2FC1E5C6D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {9A9DBE97-D3F9-4BE4-A9B9-C849CFBE0BBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {A981E902-DD74-4A81-8E7D-2A8244462A56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {CDDD90BD-9075-4B36-A9CB-74B048D77D8D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {D1329C4C-E6B3-4C12-86AB-E55904951995} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-05-04 15:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-19 13:56 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-10 12:25 - 2013-01-10 12:25 - 00364544 _____ () C:\windows\system32\BsExtendFunc.dll
2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00055296 _____ () C:\windows\system32\BlueSoleilCSps.dll
2014-12-21 02:38 - 2014-12-21 02:38 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122100\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
2013-03-22 11:06 - 2013-03-22 11:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 14:35 - 2013-01-10 14:35 - 00055296 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll
2013-07-17 11:33 - 2012-06-07 21:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-22 19:44 - 2014-11-22 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-17 11:27 - 2013-01-23 17:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 00718152 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\libglesv2.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 00126280 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\libegl.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 08537928 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\pdf.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 00353096 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 01732936 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\ffmpegsumo.dll
2014-12-21 08:27 - 2014-12-21 08:27 - 14669128 _____ () C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2497467096-1107912187-4260812050-500 - Administrator - Disabled)
Guest (S-1-5-21-2497467096-1107912187-4260812050-501 - Limited - Disabled)
l (S-1-5-21-2497467096-1107912187-4260812050-1001 - Administrator - Enabled) => C:\Users\l

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2014 09:06:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pucvpreksj.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: wuvqcpkenbe.dll, version: 55.45.103.0, time stamp: 0x5496bdfb
Exception code: 0xc0000005
Fault offset: 0x000140fb
Faulting process id: 0xfc0
Faulting application start time: 0xpucvpreksj.exe0
Faulting application path: pucvpreksj.exe1
Faulting module path: pucvpreksj.exe2
Report Id: pucvpreksj.exe3
Faulting package full name: pucvpreksj.exe4
Faulting package-relative application ID: pucvpreksj.exe5

Error: (12/21/2014 08:24:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x546ebbc7
Faulting module name: AcLayers.DLL, version: 6.2.9200.16420, time stamp: 0x505aa251
Exception code: 0xc0000374
Fault offset: 0x0000000000006ad9
Faulting process id: 0x3804
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (12/21/2014 07:06:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000374
Fault offset: 0x000daa14
Faulting process id: 0x1b7c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/21/2014 03:03:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (12/21/2014 03:03:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (12/21/2014 03:01:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (12/21/2014 03:01:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (12/21/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000025a1e
Faulting process id: 0x1dd4
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (12/21/2014 00:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
Exception code: 0xc0000005
Fault offset: 0x0000000000025a1e
Faulting process id: 0x1c98
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (12/20/2014 04:56:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0d719f48
Faulting process id: 0x1bac
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

System errors:
=============
Error: (12/21/2014 08:49:19 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/21/2014 08:49:38 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000109 (0xa3a039d8a6db34e9, 0xb3b7465ef95ae2c5, 0xfffff8800099b700, 0x0000000000000002)C:\windows\Minidump\122114-25453-01.dmp122114-25453-01

Error: (12/21/2014 08:49:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:35:00 AM on ‎12/‎21/‎2014 was unexpected.

Error: (12/20/2014 00:34:51 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/20/2014 00:09:22 PM) (Source: DCOM) (EventID: 10010) (User: PURPLE)
Description: Microsoft.WindowsLive.ModernPhotos.AppXsjk229593yvkhw8w13eans3t0eh9strp.wwa

Error: (12/20/2014 00:08:34 PM) (Source: DCOM) (EventID: 10010) (User: PURPLE)
Description: Microsoft.ZuneVideo.AppX0691txe4bqr477kft85hfv93agd4v0e0.wwa

Error: (12/20/2014 10:19:10 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/17/2014 09:04:23 PM) (Source: DCOM) (EventID: 10016) (User: PURPLE)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}purplelS-1-5-21-2497467096-1107912187-4260812050-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/12/2014 07:32:02 PM) (Source: DCOM) (EventID: 10016) (User: PURPLE)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}purplelS-1-5-21-2497467096-1107912187-4260812050-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/12/2014 07:23:03 PM) (Source: DCOM) (EventID: 10016) (User: PURPLE)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}purplelS-1-5-21-2497467096-1107912187-4260812050-1001LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:
=========================
Error: (12/21/2014 09:06:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: pucvpreksj.exe36.0.1985.14353e2e515wuvqcpkenbe.dll55.45.103.05496bdfbc0000005000140fbfc001d01d2f6b73e0f3C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exeC:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dllfc747dc5-8922-11e4-bebd-0c84dc3bd976

Error: (12/21/2014 08:24:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.17183546ebbc7AcLayers.DLL6.2.9200.16420505aa251c00003740000000000006ad9380401d01d286286966bC:\Program Files\Internet Explorer\iexplore.exeC:\windows\AppPatch\AppPatch64\AcLayers.DLL0c209dfa-891d-11e4-bebc-0c84dc3bd976

Error: (12/21/2014 07:06:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2antdll.dll6.2.9200.1704653b485c4c0000374000daa141b7c01d01d1db81197f8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\ntdll.dll1ec8ec72-8912-11e4-bebc-0c84dc3bd976

Error: (12/21/2014 03:03:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (12/21/2014 03:03:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/21/2014 03:01:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (12/21/2014 03:01:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/21/2014 03:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e1dd401d01cfc8063ef11C:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllcc9cc32f-88ef-11e4-bebc-0c84dc3bd976

Error: (12/21/2014 00:09:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e1c9801d01ce46d0ee5d7C:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dlle6615f09-88d7-11e4-bebc-0c84dc3bd976

Error: (12/20/2014 04:56:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2aunknown0.0.0.000000000c00000050d719f481bac01d01ca7538ede1aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown62bf1334-889b-11e4-bebc-0c84dc3bd976

CodeIntegrity Errors:
===================================
  Date: 2014-07-02 16:03:45.621
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-02 16:03:45.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-17 08:12:37.871
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-17 08:12:37.840
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-30 16:32:03.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 26%
Total physical RAM: 12207.45 MB
Available physical RAM: 9030.9 MB
Total Pagefile: 12607.45 MB
Available Pagefile: 9278.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1843.23 GB) (Free:1791.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by l (administrator) on PURPLE on 21-12-2014 09:16:28
Running from C:\Users\l\Desktop
Loaded Profile: l (Available profiles: l)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\windows\System32\printfilterpipelinesvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\windows\System32\regsvr32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\windows\SysWOW64\regsvr32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe
(Google Inc.) C:\Users\l\AppData\LocalLow\Adobe\Wsshtedtijy\Nlubcgqnamx\pucvpreksj.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-20] (SUPERAntiSpyware)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [wuvqcpkenbe] => regsvr32.exe /s "C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dll" <===== ATTENTION
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\RunOnce: [Adobe Speed Launcher] => 1419173470
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\SysWow64\urlmon.dll (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Tcpip\..\Interfaces\{63F6AE22-B6DD-4476-A864-3652DE675725}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{D9443B57-4010-4CB8-8171-44BCB8CF3513}: [NameServer] 208.67.220.220,208.67.222.222

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]

Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.co...t&type=avastbcl
CHR StartupUrls: Default -> "https://www.yahoo.co...t&type=avastbcl"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchURL: Default -> https://search.yahoo...&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yah...nd={searchTerms}
CHR Profile: C:\Users\l\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Avast SafePrice) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-26] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
U3 aswMBR; \??\C:\Users\l\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 09:16 - 2014-12-21 09:16 - 00022709 _____ () C:\Users\l\Desktop\FRST.txt
2014-12-21 09:16 - 2014-12-21 09:16 - 00002169 _____ () C:\Users\l\Desktop\aswMBR1.txt
2014-12-21 09:16 - 2014-12-21 09:16 - 00000512 _____ () C:\Users\l\Desktop\MBR.dat
2014-12-21 08:56 - 2014-12-21 08:56 - 00000000 ____D () C:\Users\l\Documents\e-Sword
2014-12-21 08:49 - 2014-12-21 08:49 - 00000000 ____D () C:\windows\Minidump
2014-12-20 12:26 - 2014-12-21 09:04 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-20 12:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-20 12:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-20 12:13 - 2014-12-20 12:26 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-20 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-20 12:11 - 2014-12-20 12:13 - 00002130 _____ () C:\Users\l\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-20 12:10 - 2014-12-20 12:10 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
2014-12-20 12:01 - 2014-12-20 12:03 - 00024064 ___SH () C:\Users\l\Documents\Thumbs.db
2014-12-16 21:02 - 2014-12-09 01:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-12-16 21:02 - 2014-12-09 01:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-12-16 20:26 - 2014-12-16 20:26 - 00000198 _____ () C:\Users\l\Desktop\Arthritis of the Shoulder-OrthoInfo - AAOS.url
2014-12-14 18:12 - 2014-12-16 20:16 - 00000635 _____ () C:\Users\l\Desktop\calculator online -.website
2014-12-14 17:24 - 2014-12-14 22:07 - 00026624 _____ () C:\Users\l\Desktop\mileage.xls
2014-12-11 13:22 - 2014-09-20 15:30 - 02412784 _____ () C:\Users\l\Documents\Cooking and Eating for One Person.pptx
2014-12-11 13:19 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2014-12-11 13:19 - 2014-12-11 13:19 - 00001912 _____ () C:\Users\Public\Desktop\e-Sword.lnk
2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Users\l\AppData\Local\Downloaded Installations
2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Program Files (x86)\e-Sword
2014-12-11 06:55 - 2014-12-12 00:32 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 06:47 - 2014-10-08 22:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-10 06:47 - 2014-10-08 22:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-10 06:47 - 2014-10-08 22:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-10 06:47 - 2014-10-08 21:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-10 06:47 - 2014-10-08 21:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 03:24 - 2014-12-04 19:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 03:24 - 2014-12-04 19:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 03:24 - 2014-12-02 19:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 03:24 - 2014-11-21 02:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 03:24 - 2014-11-21 02:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 03:24 - 2014-11-21 02:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 03:24 - 2014-11-21 02:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-10 03:24 - 2014-11-21 02:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 03:24 - 2014-11-21 02:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 03:24 - 2014-11-21 02:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 03:24 - 2014-11-21 01:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 03:24 - 2014-11-21 01:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 03:24 - 2014-11-21 01:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 03:24 - 2014-11-21 01:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 03:24 - 2014-11-21 01:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 03:24 - 2014-11-21 00:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 03:24 - 2014-11-20 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-10 03:24 - 2014-11-06 00:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 03:24 - 2014-11-05 23:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 03:24 - 2014-10-11 01:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-10 03:24 - 2014-10-10 23:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-10 03:24 - 2014-10-08 21:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-10 03:24 - 2014-10-08 21:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-10 03:24 - 2014-10-08 21:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-10 03:24 - 2014-09-21 23:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-10 03:24 - 2014-09-21 21:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-10 03:23 - 2014-10-30 01:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 03:23 - 2014-10-29 23:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-07 17:12 - 2014-12-14 17:05 - 00000000 ____D () C:\Users\l\Desktop\stuff
2014-12-06 10:06 - 2014-12-06 10:06 - 08539604 _____ () C:\Users\l\Documents\Nutrition Focused Physical Exam-FINAL.pptx
2014-12-06 10:05 - 2014-12-06 10:05 - 01685515 _____ () C:\Users\l\Documents\Health Care System and Malnutrition.pptx
2014-12-02 19:32 - 2014-12-21 08:51 - 00000000 ___RD () C:\Users\l\iCloudDrive
2014-12-02 19:32 - 2014-12-21 08:23 - 00000000 ____D () C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod
2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\Documents\Outlook Files
2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Inc
2014-11-25 08:41 - 2014-11-25 08:41 - 00000188 _____ () C:\Users\l\Desktop\Bourbon Dork.url
2014-11-23 19:25 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-23 19:23 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-23 19:23 - 2014-11-23 19:23 - 00001812 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-23 19:23 - 2014-11-23 19:23 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-23 19:19 - 2014-11-23 19:19 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-11-23 18:13 - 2014-12-17 16:32 - 00000000 ____D () C:\Users\l\AppData\Roaming\Apple Computer
2014-11-23 18:13 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-23 18:13 - 2014-12-02 19:31 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Computer
2014-11-23 18:13 - 2014-11-23 18:13 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-23 18:13 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-11-23 18:12 - 2014-11-23 19:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\Program Files\iTunes
2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-23 18:12 - 2014-11-23 18:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Users\l\AppData\Local\Apple
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Program Files\iPod
2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-22 19:44 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-22 19:44 - 2014-11-22 19:44 - 00449936 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-11-22 19:44 - 2014-11-22 19:44 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-11-22 19:44 - 2014-11-22 19:44 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-11-22 19:44 - 2014-11-22 19:44 - 00001997 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 09:16 - 2014-06-30 07:22 - 00000000 ____D () C:\FRST
2014-12-21 09:14 - 2014-11-12 22:15 - 00004948 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple
2014-12-21 09:06 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
2014-12-21 09:00 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-21 08:55 - 2014-04-19 09:23 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
2014-12-21 08:54 - 2012-07-26 01:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-21 08:53 - 2013-03-22 11:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
2014-12-21 08:51 - 2014-07-03 14:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-21 08:50 - 2014-04-27 08:23 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 08:50 - 2013-07-17 11:49 - 00003619 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-12-21 08:50 - 2013-07-17 11:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-12-21 08:49 - 2014-04-19 10:47 - 00124196 ____N () C:\windows\Minidump\122114-25453-01.dmp
2014-12-21 08:49 - 2012-08-10 17:49 - 00403380 _____ () C:\windows\PFRO.log
2014-12-21 08:49 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-21 08:32 - 2014-04-27 08:23 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 23:52 - 2014-04-19 09:14 - 01731943 _____ () C:\windows\WindowsUpdate.log
2014-12-20 12:34 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Users\l\AppData\Roaming\Malwarebytes
2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-20 12:10 - 2014-07-11 18:42 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-12-20 12:10 - 2014-06-30 07:21 - 02122240 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-12-20 10:19 - 2014-07-28 08:16 - 00000330 _____ () C:\windows\Tasks\HPCeeScheduleForl.job
2014-12-19 14:40 - 2014-07-28 08:16 - 00003136 _____ () C:\windows\System32\Tasks\HPCeeScheduleForl
2014-12-19 14:40 - 2014-04-19 09:13 - 00000000 ____D () C:\Users\l
2014-12-16 21:38 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-14 17:13 - 2012-07-26 01:21 - 00818283 _____ () C:\windows\setupact.log
2014-12-14 14:17 - 2014-04-30 15:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-14 14:16 - 2014-04-30 15:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-12 22:11 - 2012-08-10 18:49 - 00000000 ____D () C:\windows\Panther
2014-12-12 19:32 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
2014-12-12 11:32 - 2014-04-30 15:40 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 07:00 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
2014-12-12 00:32 - 2014-10-28 15:16 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-12-12 00:32 - 2014-07-12 10:26 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 00:32 - 2014-07-06 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 00:32 - 2014-07-03 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-12 00:32 - 2014-04-30 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-12 00:32 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-12 00:32 - 2014-04-19 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-12 00:32 - 2013-07-17 11:45 - 00000000 ____D () C:\windows\en
2014-12-12 00:32 - 2013-07-17 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-12 00:32 - 2013-07-17 11:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-12-12 00:32 - 2013-07-17 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-12-12 00:32 - 2013-07-17 11:27 - 00000000 ____D () C:\Program Files\Intel
2014-12-12 00:32 - 2013-07-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-12 00:32 - 2012-08-10 17:52 - 00000000 ____D () C:\ProgramData\PRICache
2014-12-12 00:32 - 2012-07-26 02:18 - 00000000 ____D () C:\windows\DigitalLocker
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files\Windows Sidebar
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files (x86)\Windows Sidebar
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\spool
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\Recovery
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\NDF
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\MUI
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\Help
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AppCompat
2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\system32\WCN
2014-12-12 00:32 - 2012-07-25 23:38 - 00000000 ____D () C:\windows\SysWOW64\SMI
2014-12-12 00:15 - 2014-09-10 19:10 - 00000000 __SHD () C:\Recovery
2014-12-11 22:30 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-11 22:02 - 2012-07-26 02:13 - 00006020 _____ () C:\windows\DtcInstall.log
2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagwrn.xml
2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagerr.xml
2014-12-11 21:44 - 2012-08-10 17:56 - 00013398 _____ () C:\windows\iis.log
2014-12-11 21:43 - 2014-09-03 09:49 - 00003145 _____ () C:\windows\comsetup.log
2014-12-11 21:43 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\registration
2014-12-11 15:45 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-11 14:59 - 2014-10-16 16:24 - 00437360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-11 07:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache
2014-12-11 07:03 - 2014-06-10 07:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 06:55 - 2012-07-26 02:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-10 06:49 - 2014-04-20 17:10 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 06:47 - 2014-04-20 17:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-02 19:32 - 2014-04-27 08:41 - 00288256 ___SH () C:\Users\l\Desktop\Thumbs.db
2014-11-29 17:05 - 2014-11-04 12:01 - 00000000 ____D () C:\Users\l\AppData\Local\Windows Live
2014-11-26 15:11 - 2014-10-16 11:19 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:11 - 2014-10-16 11:19 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 18:12 - 2013-07-17 11:32 - 00000000 ____D () C:\ProgramData\Apple
2014-11-22 19:44 - 2014-05-04 15:20 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-11-22 19:44 - 2014-05-04 15:19 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-11-22 19:44 - 2014-05-04 15:19 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys

Some content of TEMP:
====================
C:\Users\l\AppData\Local\temp\bmlhhkx.dll
C:\Users\l\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmueimr.dll
C:\Users\l\AppData\Local\temp\HPConnectedMusicInstaller_100100128.exe
C:\Users\l\AppData\Local\temp\mbam-setup.exe
C:\Users\l\AppData\Local\temp\Quarantine.exe
C:\Users\l\AppData\Local\temp\SAS6_Update.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-20 03:00

==================== End Of Log ============================

 




#2 ken545


Posted 21 December 2014 - 10:55 AM

:welcome:

 

I see some things going on that need to be fixed. First run these programs in order, please, and post the log from each one, and then we can go from there.

 

 
Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.
     
  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 wilma1313


    Posted 21 December 2014 - 01:06 PM

    Hi.  Thanks for helping.

     

    I could not get the mbam log to copy using your instructions.  I exported a log. 

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/21/2014
    Scan Time: 12:46:15 PM
    Logfile: mbam log.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.21.04
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: l

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 342263
    Time Elapsed: 7 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 4
    IPH.Trojan.Clicker.W7, C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dll, , [3048cb9a44388da95e7bc53ba25e5aa6],
    IPH.Trojan.Clicker.W7, C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dll, , [3048cb9a44388da95e7bc53ba25e5aa6],
    IPH.Trojan.Clicker.W7, C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dll, , [3048cb9a44388da95e7bc53ba25e5aa6],
    IPH.Trojan.Clicker.W7, C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dll, , [3048cb9a44388da95e7bc53ba25e5aa6],

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 1
    IPH.Trojan.Clicker.W7, HKU\S-1-5-21-2497467096-1107912187-4260812050-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wuvqcpkenbe, regsvr32.exe /s "C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dll", , [3048cb9a44388da95e7bc53ba25e5aa6]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    IPH.Trojan.Clicker.W7, C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod\wuvqcpkenbe.dll, , [3048cb9a44388da95e7bc53ba25e5aa6],

    Physical Sectors: 0
    (No malicious items detected)

    (end)

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8 x64
    Ran by l on Sun 12/21/2014 at 12:30:11.27
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

     

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26842A09-FFA8-4E2C-AE12-0C80F01C3295}

     

    ~~~ Files

     

    ~~~ Folders

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 12/21/2014 at 12:37:06.53
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    # AdwCleaner v4.106 - Report created 21/12/2014 at 12:25:25
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Live]
    # Operating System : Windows 8  (64 bits)
    # Username : l - PURPLE
    # Running from : C:\Users\l\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\l\AppData\locallow\iac
    Folder Deleted : C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
    Key Deleted : HKCU\Software\DriverSupport
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yourtango.com

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.17183

    -\\ Google Chrome v39.0.2171.95

    *************************

    AdwCleaner[R0].txt - [3263 octets] - [11/06/2014 10:00:35]
    AdwCleaner[R1].txt - [3403 octets] - [11/06/2014 10:36:06]
    AdwCleaner[R2].txt - [3463 octets] - [11/06/2014 10:38:23]
    AdwCleaner[R3].txt - [3523 octets] - [13/06/2014 05:38:30]
    AdwCleaner[R4].txt - [1101 octets] - [01/07/2014 16:20:21]
    AdwCleaner[R5].txt - [3354 octets] - [21/12/2014 12:20:05]
    AdwCleaner[S0].txt - [3208 octets] - [13/06/2014 05:38:57]
    AdwCleaner[S1].txt - [1165 octets] - [02/07/2014 08:53:18]
    AdwCleaner[S2].txt - [3129 octets] - [21/12/2014 12:25:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3189 octets] ##########



    #4 ken545


    Posted 21 December 2014 - 01:36 PM

    Make sure that you had Malwarebytes set to remove all those bad entries; if not, run it again and remove them all.

     

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<----------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 wilma1313

    Posted 21 December 2014 - 08:10 PM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/21/2014
    Scan Time: 7:45:09 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.22.01
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: l

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 341258
    Time Elapsed: 6 min, 41 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)



    #6 ken545

    Posted 22 December 2014 - 05:49 AM

    :thumbup:

     

    Go ahead and run a new scan with FRST. Be sure to checkmark Additions, and post both new logs please.



     
     

    #7 wilma1313

    Posted 22 December 2014 - 08:22 PM

    :clap:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
    Ran by l at 2014-12-22 20:19:15
    Running from C:\Users\l\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
    Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
    Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File

    ==================== Restore Points  =========================

    07-12-2014 03:00:33 Scheduled Checkpoint
    10-12-2014 06:44:18 Windows Update
    11-12-2014 13:19:38 Installed e-Sword.
    16-12-2014 21:38:23 Windows Update
    20-12-2014 12:40:31 Tweaking.com - Windows Repair

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 23:26 - 2014-07-04 13:17 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {5285A5FC-9C0B-4B05-80AA-C7B537CDDB26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
    Task: {7232C45B-0F67-4FC3-B0AC-ED65D5414393} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
    Task: {784C093C-5ABC-43A6-B057-D2206F601A9E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
    Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
    Task: {99F30CCB-5A7E-4740-99C3-45A2FC1E5C6D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {A981E902-DD74-4A81-8E7D-2A8244462A56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
    Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {BF0D5EE1-3B0A-4E47-9C65-6370BA480336} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
    Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
    Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
    Task: {CDDD90BD-9075-4B36-A9CB-74B048D77D8D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
    Task: {D1329C4C-E6B3-4C12-86AB-E55904951995} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
    Task: {DEA98902-9691-4764-AE5C-C7987CD0003C} - System32\Tasks\HPCeeScheduleForl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\HPCeeScheduleForl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-05-04 15:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
    2014-11-19 13:56 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-21 09:50 - 2014-12-21 09:50 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122101\algo.dll
    2014-12-22 12:09 - 2014-12-22 12:09 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122201\algo.dll
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
    2013-03-22 11:06 - 2013-03-22 11:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
    2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
    2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
    2014-11-22 19:44 - 2014-11-22 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-07-17 11:33 - 2012-06-07 21:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-07-17 11:27 - 2013-01-23 17:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2497467096-1107912187-4260812050-500 - Administrator - Disabled)
    Guest (S-1-5-21-2497467096-1107912187-4260812050-501 - Limited - Disabled)
    l (S-1-5-21-2497467096-1107912187-4260812050-1001 - Administrator - Enabled) => C:\Users\l

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/22/2014 05:10:27 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll8

    Error: (12/22/2014 06:34:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x77c5bda1
    Faulting process id: 0x2664
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (12/22/2014 06:28:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 10.0.9200.17183 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 2380

    Start Time: 01d01de28ecfe579

    Termination Time: 16

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id: f74041d4-89d5-11e4-bec1-0c84dc3bd976

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/22/2014 03:03:38 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

    Error: (12/22/2014 03:02:30 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (12/22/2014 03:00:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
    Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
    Exception code: 0xc0000005
    Fault offset: 0x0000000000025a1e
    Faulting process id: 0x2688
    Faulting application start time: 0xrundll32.exe_aepdu.dll0
    Faulting application path: rundll32.exe_aepdu.dll1
    Faulting module path: rundll32.exe_aepdu.dll2
    Report Id: rundll32.exe_aepdu.dll3
    Faulting package full name: rundll32.exe_aepdu.dll4
    Faulting package-relative application ID: rundll32.exe_aepdu.dll5

    Error: (12/22/2014 00:51:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
    Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
    Exception code: 0xc0000005
    Fault offset: 0x0000000000025a1e
    Faulting process id: 0x20ac
    Faulting application start time: 0xrundll32.exe_aepdu.dll0
    Faulting application path: rundll32.exe_aepdu.dll1
    Faulting module path: rundll32.exe_aepdu.dll2
    Report Id: rundll32.exe_aepdu.dll3
    Faulting package full name: rundll32.exe_aepdu.dll4
    Faulting package-relative application ID: rundll32.exe_aepdu.dll5

    Error: (12/21/2014 07:59:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: Flash.ocx, version: 16.0.0.235, time stamp: 0x546fdf2f
    Exception code: 0xc0000005
    Fault offset: 0x008eb964
    Faulting process id: 0x1440
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (12/21/2014 07:43:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 10.0.9200.17183 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1fa0

    Start Time: 01d01d8771993fe1

    Termination Time: 31

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id: dbd7c895-897b-11e4-bec1-0c84dc3bd976

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/21/2014 05:39:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc000041d
    Fault offset: 0x041301e8
    Faulting process id: 0x10f4
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    System errors:
    =============
    Error: (12/21/2014 05:04:35 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
    Description: 0xc000014d0

    Error: (12/21/2014 04:37:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
    Description: 0xc000014d0

    Error: (12/21/2014 02:28:13 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
    Description: 0xc000014d0

    Microsoft Office Sessions:
    =========================
    Error: (12/22/2014 05:10:27 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll8

    Error: (12/22/2014 06:34:32 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE10.0.9200.17183546ebc2aunknown0.0.0.000000000c000000577c5bda1266401d01de2bb15b333C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknowne0b92e00-89d6-11e4-bec1-0c84dc3bd976

    Error: (12/22/2014 06:28:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IEXPLORE.EXE10.0.9200.17183238001d01de28ecfe57916C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEf74041d4-89d5-11e4-bec1-0c84dc3bd976

    Error: (12/22/2014 03:03:38 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

    Error: (12/22/2014 03:02:30 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

    Error: (12/22/2014 03:00:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e268801d01dc5ab1e32beC:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dllf8a7d2de-89b8-11e4-bec1-0c84dc3bd976

    Error: (12/22/2014 00:51:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e20ac01d01db393a1bfeeC:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dll04de9822-89a7-11e4-bec1-0c84dc3bd976

    Error: (12/21/2014 07:59:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE10.0.9200.17183546ebc2aFlash.ocx16.0.0.235546fdf2fc0000005008eb964144001d01d89590aed0aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx39fb6287-897e-11e4-bec1-0c84dc3bd976

    Error: (12/21/2014 07:43:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe10.0.9200.171831fa001d01d8771993fe131C:\Program Files\Internet Explorer\iexplore.exedbd7c895-897b-11e4-bec1-0c84dc3bd976

    Error: (12/21/2014 05:39:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE10.0.9200.17183546ebc2aunknown0.0.0.000000000c000041d041301e810f401d01d7297c68585C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknowna1839c60-896a-11e4-bec1-0c84dc3bd976

    CodeIntegrity Errors:
    ===================================
      Date: 2014-07-02 16:03:45.621
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-07-02 16:03:45.590
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-17 08:12:37.871
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-17 08:12:37.840
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-04-30 16:32:03.045
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
    Percentage of memory in use: 17%
    Total physical RAM: 12207.45 MB
    Available physical RAM: 10088.27 MB
    Total Pagefile: 12607.45 MB
    Available Pagefile: 10530.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1843.23 GB) (Free:1789.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
    Ran by l (administrator) on PURPLE on 22-12-2014 20:18:56
    Running from C:\Users\l\Desktop
    Loaded Profile: l (Available profiles: l)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\windows\System32\dasHost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Intel Corporation) C:\windows\System32\hkcmd.exe
    (Intel Corporation) C:\windows\System32\igfxpers.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\windows\System32\printfilterpipelinesvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\windows\System32\dllhost.exe
    (Microsoft Corporation) C:\windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
    HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-20] (SUPERAntiSpyware)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\RunOnce: [Adobe Speed Launcher] => 1419203135
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
    Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
    Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\SysWow64\urlmon.dll (Microsoft Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{63F6AE22-B6DD-4476-A864-3652DE675725}: [NameServer] 208.67.220.220,208.67.222.222
    Tcpip\..\Interfaces\{D9443B57-4010-4CB8-8171-44BCB8CF3513}: [NameServer] 208.67.220.220,208.67.222.222

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.yahoo.co...t&type=avastbcl
    CHR StartupUrls: Default -> "https://www.yahoo.co...t&type=avastbcl"
    CHR DefaultSearchKeyword: Default -> www.yahoo.com
    CHR DefaultSearchURL: Default -> https://search.yahoo...&p={searchTerms}
    CHR DefaultSuggestURL: Default -> http://ff.search.yah...nd={searchTerms}
    CHR Profile: C:\Users\l\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
    CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
    CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
    CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
    CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
    CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-26] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
    R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
    R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
    U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
    R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
    U4 BthAvrcpTg; No ImagePath
    U4 BthHFEnum; No ImagePath
    U4 bthhfhid; No ImagePath
    R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-22 20:18 - 2014-12-22 20:19 - 00019932 _____ () C:\Users\l\Desktop\FRST.txt
    2014-12-21 20:08 - 2014-12-21 20:08 - 00001040 _____ () C:\Users\l\Desktop\mbam 2.txt
    2014-12-21 12:41 - 2014-12-21 12:41 - 00000853 _____ () C:\Users\l\Desktop\JRT1.txt
    2014-12-21 12:27 - 2014-12-21 12:27 - 00003297 _____ () C:\Users\l\Desktop\AdwCleaner[S2].txt
    2014-12-21 12:19 - 2014-12-21 12:19 - 02173952 _____ () C:\Users\l\Downloads\AdwCleaner.exe
    2014-12-21 09:18 - 2014-12-21 09:18 - 00046991 _____ () C:\Users\l\Desktop\FRST1.txt
    2014-12-21 09:18 - 2014-12-21 09:18 - 00037223 _____ () C:\Users\l\Desktop\Addition1.txt
    2014-12-21 09:16 - 2014-12-21 09:16 - 00002169 _____ () C:\Users\l\Desktop\aswMBR1.txt
    2014-12-21 08:56 - 2014-12-21 08:56 - 00000000 ____D () C:\Users\l\Documents\e-Sword
    2014-12-21 08:49 - 2014-12-21 08:49 - 00000000 ____D () C:\windows\Minidump
    2014-12-20 12:26 - 2014-12-22 20:10 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-20 12:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-12-20 12:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-12-20 12:13 - 2014-12-20 12:26 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-20 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-12-20 12:11 - 2014-12-20 12:13 - 00002130 _____ () C:\Users\l\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2014-12-20 12:10 - 2014-12-20 12:10 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
    2014-12-20 12:01 - 2014-12-20 12:03 - 00024064 ___SH () C:\Users\l\Documents\Thumbs.db
    2014-12-16 21:02 - 2014-12-09 01:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
    2014-12-16 21:02 - 2014-12-09 01:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-12-16 20:26 - 2014-12-16 20:26 - 00000198 _____ () C:\Users\l\Desktop\Arthritis of the Shoulder-OrthoInfo - AAOS.url
    2014-12-14 18:12 - 2014-12-16 20:16 - 00000635 _____ () C:\Users\l\Desktop\calculator online -.website
    2014-12-14 17:24 - 2014-12-14 22:07 - 00026624 _____ () C:\Users\l\Desktop\mileage.xls
    2014-12-11 13:22 - 2014-09-20 15:30 - 02412784 _____ () C:\Users\l\Documents\Cooking and Eating for One Person.pptx
    2014-12-11 13:19 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
    2014-12-11 13:19 - 2014-12-11 13:19 - 00001912 _____ () C:\Users\Public\Desktop\e-Sword.lnk
    2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Users\l\AppData\Local\Downloaded Installations
    2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Program Files (x86)\e-Sword
    2014-12-11 06:55 - 2014-12-12 00:32 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-10 06:47 - 2014-10-08 22:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
    2014-12-10 06:47 - 2014-10-08 22:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
    2014-12-10 06:47 - 2014-10-08 22:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
    2014-12-10 06:47 - 2014-10-08 21:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
    2014-12-10 06:47 - 2014-10-08 21:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-10 03:24 - 2014-12-04 19:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-10 03:24 - 2014-11-21 02:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-10 03:24 - 2014-11-21 02:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-10 03:24 - 2014-11-21 02:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-10 03:24 - 2014-11-21 02:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
    2014-12-10 03:24 - 2014-11-21 02:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-12-10 03:24 - 2014-11-21 02:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-10 03:24 - 2014-11-21 01:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-10 03:24 - 2014-11-21 01:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-12-10 03:24 - 2014-11-21 01:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-12-10 03:24 - 2014-11-21 00:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-12-10 03:24 - 2014-11-20 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
    2014-12-10 03:24 - 2014-11-06 00:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-10 03:24 - 2014-11-05 23:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 03:24 - 2014-10-11 01:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-12-10 03:24 - 2014-10-10 23:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-12-10 03:24 - 2014-10-08 21:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
    2014-12-10 03:24 - 2014-10-08 21:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
    2014-12-10 03:24 - 2014-10-08 21:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
    2014-12-10 03:24 - 2014-09-21 23:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
    2014-12-10 03:24 - 2014-09-21 21:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
    2014-12-10 03:23 - 2014-10-30 01:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2014-12-10 03:23 - 2014-10-29 23:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2014-12-07 17:12 - 2014-12-14 17:05 - 00000000 ____D () C:\Users\l\Desktop\stuff
    2014-12-06 10:06 - 2014-12-06 10:06 - 08539604 _____ () C:\Users\l\Documents\Nutrition Focused Physical Exam-FINAL.pptx
    2014-12-06 10:05 - 2014-12-06 10:05 - 01685515 _____ () C:\Users\l\Documents\Health Care System and Malnutrition.pptx
    2014-12-02 19:32 - 2014-12-21 17:05 - 00000000 ___RD () C:\Users\l\iCloudDrive
    2014-12-02 19:32 - 2014-12-21 14:28 - 00000000 ____D () C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod
    2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\Documents\Outlook Files
    2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Inc
    2014-11-25 08:41 - 2014-11-25 08:41 - 00000188 _____ () C:\Users\l\Desktop\Bourbon Dork.url
    2014-11-23 19:25 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-11-23 19:23 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-11-23 19:23 - 2014-11-23 19:23 - 00001812 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2014-11-23 19:23 - 2014-11-23 19:23 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-11-23 19:19 - 2014-11-23 19:19 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2014-11-23 18:13 - 2014-12-17 16:32 - 00000000 ____D () C:\Users\l\AppData\Roaming\Apple Computer
    2014-11-23 18:13 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-11-23 18:13 - 2014-12-02 19:31 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Computer
    2014-11-23 18:13 - 2014-11-23 18:13 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-11-23 18:13 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
    2014-11-23 18:12 - 2014-11-23 19:25 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-23 18:12 - 2014-11-23 18:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-23 18:12 - 2014-11-23 18:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\windows\System32\Tasks\Apple
    2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Users\l\AppData\Local\Apple
    2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Program Files\iPod
    2014-11-23 18:12 - 2014-11-23 18:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-11-22 19:44 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-11-22 19:44 - 2014-11-22 19:44 - 00449936 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
    2014-11-22 19:44 - 2014-11-22 19:44 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2014-11-22 19:44 - 2014-11-22 19:44 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2014-11-22 19:44 - 2014-11-22 19:44 - 00001997 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-22 20:18 - 2014-06-30 07:22 - 00000000 ____D () C:\FRST
    2014-12-22 20:00 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru
    2014-12-22 19:32 - 2014-04-27 08:23 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-22 19:27 - 2014-04-19 09:14 - 01812190 _____ () C:\windows\WindowsUpdate.log
    2014-12-22 17:05 - 2014-07-03 14:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-22 13:32 - 2014-04-27 08:23 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-22 11:30 - 2014-11-12 22:15 - 00004950 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple
    2014-12-22 06:34 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
    2014-12-21 17:46 - 2014-04-19 09:23 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
    2014-12-21 17:09 - 2012-07-26 01:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-21 17:07 - 2013-03-22 11:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
    2014-12-21 17:05 - 2013-07-17 11:49 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
    2014-12-21 17:04 - 2013-07-17 11:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
    2014-12-21 17:04 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-21 16:37 - 2014-07-28 08:16 - 00000330 _____ () C:\windows\Tasks\HPCeeScheduleForl.job
    2014-12-21 16:37 - 2012-08-10 17:49 - 00404472 _____ () C:\windows\PFRO.log
    2014-12-21 14:34 - 2014-07-28 08:16 - 00003136 _____ () C:\windows\System32\Tasks\HPCeeScheduleForl
    2014-12-21 14:34 - 2014-04-19 09:13 - 00000000 ____D () C:\Users\l
    2014-12-21 14:33 - 2014-04-30 15:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
    2014-12-21 14:32 - 2014-04-30 15:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-12-21 12:25 - 2014-06-11 10:00 - 00000000 ____D () C:\AdwCleaner
    2014-12-21 08:49 - 2014-04-19 10:47 - 00124196 ____N () C:\windows\Minidump\122114-25453-01.dmp
    2014-12-20 12:34 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Users\l\AppData\Roaming\Malwarebytes
    2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-12-20 12:10 - 2014-07-11 18:42 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2014-12-20 12:10 - 2014-06-30 07:21 - 02122240 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
    2014-12-16 21:38 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
    2014-12-14 17:13 - 2012-07-26 01:21 - 00818283 _____ () C:\windows\setupact.log
    2014-12-12 22:11 - 2012-08-10 18:49 - 00000000 ____D () C:\windows\Panther
    2014-12-12 19:32 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
    2014-12-12 11:32 - 2014-04-30 15:40 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-12 07:00 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
    2014-12-12 00:32 - 2014-10-28 15:16 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
    2014-12-12 00:32 - 2014-07-12 10:26 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-12 00:32 - 2014-07-06 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-12 00:32 - 2014-07-03 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-12-12 00:32 - 2014-04-30 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-12-12 00:32 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-12-12 00:32 - 2014-04-19 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-12-12 00:32 - 2013-07-17 11:45 - 00000000 ____D () C:\windows\en
    2014-12-12 00:32 - 2013-07-17 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
    2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
    2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-12 00:32 - 2013-07-17 11:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2014-12-12 00:32 - 2013-07-17 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2014-12-12 00:32 - 2013-07-17 11:27 - 00000000 ____D () C:\Program Files\Intel
    2014-12-12 00:32 - 2013-07-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Intel
    2014-12-12 00:32 - 2012-08-10 17:52 - 00000000 ____D () C:\ProgramData\PRICache
    2014-12-12 00:32 - 2012-07-26 02:18 - 00000000 ____D () C:\windows\DigitalLocker
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files\Windows Sidebar
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files (x86)\Windows Sidebar
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\spool
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\Recovery
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\NDF
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\MUI
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\Help
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AppCompat
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\WCN
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\sysprep
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\system32\WCN
    2014-12-12 00:32 - 2012-07-25 23:38 - 00000000 ____D () C:\windows\SysWOW64\SMI
    2014-12-12 00:15 - 2014-09-10 19:10 - 00000000 __SHD () C:\Recovery
    2014-12-11 22:30 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-12-11 22:02 - 2012-07-26 02:13 - 00006020 _____ () C:\windows\DtcInstall.log
    2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagwrn.xml
    2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagerr.xml
    2014-12-11 21:44 - 2012-08-10 17:56 - 00013398 _____ () C:\windows\iis.log
    2014-12-11 21:43 - 2014-09-03 09:49 - 00003145 _____ () C:\windows\comsetup.log
    2014-12-11 21:43 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\registration
    2014-12-11 15:45 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-12-11 14:59 - 2014-10-16 16:24 - 00437360 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-12-11 07:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache
    2014-12-11 07:03 - 2014-06-10 07:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-11 06:55 - 2012-07-26 02:12 - 00000000 ___RD () C:\windows\ToastData
    2014-12-10 06:49 - 2014-04-20 17:10 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-10 06:47 - 2014-04-20 17:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-12-02 19:32 - 2014-04-27 08:41 - 00288256 ___SH () C:\Users\l\Desktop\Thumbs.db
    2014-11-29 17:05 - 2014-11-04 12:01 - 00000000 ____D () C:\Users\l\AppData\Local\Windows Live
    2014-11-26 15:11 - 2014-10-16 11:19 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-26 15:11 - 2014-10-16 11:19 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-23 18:12 - 2013-07-17 11:32 - 00000000 ____D () C:\ProgramData\Apple
    2014-11-22 19:44 - 2014-05-04 15:20 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2014-11-22 19:44 - 2014-05-04 15:19 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2014-11-22 19:44 - 2014-05-04 15:19 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
    2014-11-22 19:44 - 2014-05-04 15:19 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2014-11-22 19:44 - 2014-05-04 15:19 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
    2014-11-22 19:44 - 2014-05-04 15:19 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2014-11-22 19:44 - 2014-05-04 15:19 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2014-11-22 19:44 - 2014-05-04 15:19 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2014-11-22 19:44 - 2014-05-04 15:19 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2014-11-22 19:44 - 2014-05-04 15:19 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys

    Some content of TEMP:
    ====================
    C:\Users\l\AppData\Local\temp\bmlhhkx.dll
    C:\Users\l\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmueimr.dll
    C:\Users\l\AppData\Local\temp\HPConnectedMusicInstaller_100100128.exe
    C:\Users\l\AppData\Local\temp\mbam-setup.exe
    C:\Users\l\AppData\Local\temp\Quarantine.exe
    C:\Users\l\AppData\Local\temp\SAS6_Update.exe
    C:\Users\l\AppData\Local\temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-20 03:00

    ==================== End Of Log ============================



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 22 December 2014 - 08:49 PM

    Just a few things to remove, nothing earth shattering

     

    You are running FRST from your Desktop. I am going to attach a file named Fixlist; download it to your desktop where you have FRST or the fix won't work. After you download it, open FRST and click on FIX. It will reboot your system and then you should have a Fixlog on your desktop. Post it please, and also let me know how your system is behaving now?




     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • 386 posts

    Posted 23 December 2014 - 06:23 AM

    Good morning.  MBAM ran overnight and found something.  I'm curious if that means my hubby picked up something new while surfing last night - he is the only one that used the computer except for me coming to this site and running the scans last night.  I will follow your instructions above when I get home from work.  Running better than it was already for sure. 

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/23/2014
    Scan Time: 2:49:43 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.23.03
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: l

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 341303
    Time Elapsed: 4 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    Trojan.Chrome.INJ, C:\Users\l\AppData\Local\temp\bmlhhkx.dll, Quarantined, [053a1a4c7efe61d548484ab29170c13f],

    Physical Sectors: 0
    (No malicious items detected)

    (end)

     



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 23 December 2014 - 07:01 AM

    Did you run the fix with FRST? That would have cleaned out your temp folders where this file was found. Kind of keep in mind that antivirus programs and programs like Malwarebytes are constantly updating their database, adding known bad files. It's possible that file was not in the database yet, but when you opened Malwarebytes and ran a scan it updated it and found that bad file.

     

    How is your system behaving now ?



     
     


    #11 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • 386 posts

    Posted 25 December 2014 - 11:13 AM

    I am getting a message that my settings will not allow me to download the file you attached.  I'm getting that message with a lot of things.  I will try to do it from chrome, as that has worked in the past.  This is an issue that started when the other problems started. 



    #12 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • 386 posts

    Posted 25 December 2014 - 11:38 AM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
    Ran by l at 2014-12-25 11:32:40 Run:4
    Running from C:\Users\l\Desktop
    Loaded Profile: l (Available profiles: l)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.

    =========  ipconfig /flushdns =========

    Windows IP Configuration



    #13 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 25 December 2014 - 11:48 AM

    I don't think that's the entire Fixlog. It should show the ipconfig being flushed, the hosts file being reset and the temp files being removed. Can you open it and repost it please?

     

    Then run a new scan with FRST, be sure to checkmark Additions and post both new logs so I can see if anything has returned

     

    How is your system behaving now ??

     

    Take your time as I will be offline for the rest of the day and may not return until tomorrow morning



     
     

    #14 wilma1313

    wilma1313

      Silver Member

    • Authentic Member
    • 386 posts

    Posted 25 December 2014 - 12:18 PM

    It seems ok. I have not used it much though.

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
    Ran by l at 2014-12-25 11:32:40 Run:4
    Running from C:\Users\l\Desktop
    Loaded Profile: l (Available profiles: l)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.

    =========  ipconfig /flushdns =========

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 902.4 MB temporary data.

    The system needed a reboot.

    ==== End of Fixlog ====

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
    Ran by l (administrator) on PURPLE on 25-12-2014 12:18:49
    Running from C:\Users\l\Desktop
    Loaded Profile: l (Available profiles: l)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\windows\System32\dasHost.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Intel Corporation) C:\windows\System32\hkcmd.exe
    (Intel Corporation) C:\windows\System32\igfxpers.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\windows\System32\printfilterpipelinesvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
    HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-20] (SUPERAntiSpyware)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...&p={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
    Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
    Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\windows\SysWow64\urlmon.dll (Microsoft Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
    Tcpip\..\Interfaces\{63F6AE22-B6DD-4476-A864-3652DE675725}: [NameServer] 208.67.220.220,208.67.222.222
    Tcpip\..\Interfaces\{D9443B57-4010-4CB8-8171-44BCB8CF3513}: [NameServer] 208.67.220.220,208.67.222.222

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.yahoo.co...t&type=avastbcl
    CHR StartupUrls: Default -> "https://www.yahoo.co...t&type=avastbcl"
    CHR DefaultSearchKeyword: Default -> www.yahoo.com
    CHR DefaultSearchURL: Default -> https://search.yahoo...&p={searchTerms}
    CHR DefaultSuggestURL: Default -> http://ff.search.yah...nd={searchTerms}
    CHR Profile: C:\Users\l\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
    CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
    CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
    CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
    CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
    CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-26] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
    R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
    R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
    U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
    R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
    U4 BthAvrcpTg; No ImagePath
    U4 BthHFEnum; No ImagePath
    U4 bthhfhid; No ImagePath
    R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-25 11:37 - 2014-12-25 11:37 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist.txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (3).txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (2).txt
    2014-12-25 11:19 - 2014-12-25 11:19 - 00000666 _____ () C:\Users\l\Downloads\Fixlist (1).txt
    2014-12-22 20:19 - 2014-12-22 20:19 - 00032433 _____ () C:\Users\l\Desktop\Addition.txt
    2014-12-22 20:18 - 2014-12-25 12:18 - 00018231 _____ () C:\Users\l\Desktop\FRST.txt
    2014-12-21 20:08 - 2014-12-21 20:08 - 00001040 _____ () C:\Users\l\Desktop\mbam 2.txt
    2014-12-21 12:41 - 2014-12-21 12:41 - 00000853 _____ () C:\Users\l\Desktop\JRT1.txt
    2014-12-21 12:27 - 2014-12-21 12:27 - 00003297 _____ () C:\Users\l\Desktop\AdwCleaner[S2].txt
    2014-12-21 12:19 - 2014-12-21 12:19 - 02173952 _____ () C:\Users\l\Downloads\AdwCleaner.exe
    2014-12-21 09:18 - 2014-12-21 09:18 - 00046991 _____ () C:\Users\l\Desktop\FRST1.txt
    2014-12-21 09:18 - 2014-12-21 09:18 - 00037223 _____ () C:\Users\l\Desktop\Addition1.txt
    2014-12-21 09:16 - 2014-12-21 09:16 - 00002169 _____ () C:\Users\l\Desktop\aswMBR1.txt
    2014-12-21 08:56 - 2014-12-21 08:56 - 00000000 ____D () C:\Users\l\Documents\e-Sword
    2014-12-21 08:49 - 2014-12-21 08:49 - 00000000 ____D () C:\windows\Minidump
    2014-12-20 12:26 - 2014-12-25 11:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-20 12:26 - 2014-12-20 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-20 12:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-12-20 12:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-12-20 12:13 - 2014-12-20 12:26 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-20 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-12-20 12:11 - 2014-12-20 12:13 - 00002130 _____ () C:\Users\l\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2014-12-20 12:10 - 2014-12-20 12:10 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
    2014-12-20 12:01 - 2014-12-20 12:03 - 00024064 ___SH () C:\Users\l\Documents\Thumbs.db
    2014-12-16 21:02 - 2014-12-09 01:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
    2014-12-16 21:02 - 2014-12-09 01:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-12-16 20:26 - 2014-12-16 20:26 - 00000198 _____ () C:\Users\l\Desktop\Arthritis of the Shoulder-OrthoInfo - AAOS.url
    2014-12-14 18:12 - 2014-12-16 20:16 - 00000635 _____ () C:\Users\l\Desktop\calculator online -.website
    2014-12-14 17:24 - 2014-12-14 22:07 - 00026624 _____ () C:\Users\l\Desktop\mileage.xls
    2014-12-11 13:22 - 2014-09-20 15:30 - 02412784 _____ () C:\Users\l\Documents\Cooking and Eating for One Person.pptx
    2014-12-11 13:19 - 2014-12-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
    2014-12-11 13:19 - 2014-12-11 13:19 - 00001912 _____ () C:\Users\Public\Desktop\e-Sword.lnk
    2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Users\l\AppData\Local\Downloaded Installations
    2014-12-11 13:19 - 2014-12-11 13:19 - 00000000 ____D () C:\Program Files (x86)\e-Sword
    2014-12-11 06:55 - 2014-12-12 00:32 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-10 06:47 - 2014-10-08 22:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
    2014-12-10 06:47 - 2014-10-08 22:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
    2014-12-10 06:47 - 2014-10-08 22:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
    2014-12-10 06:47 - 2014-10-08 21:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
    2014-12-10 06:47 - 2014-10-08 21:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-10 03:24 - 2014-12-04 19:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-10 03:24 - 2014-12-04 19:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-10 03:24 - 2014-12-02 19:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-10 03:24 - 2014-11-21 02:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-10 03:24 - 2014-11-21 02:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-10 03:24 - 2014-11-21 02:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-10 03:24 - 2014-11-21 02:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
    2014-12-10 03:24 - 2014-11-21 02:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-12-10 03:24 - 2014-11-21 02:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-12-10 03:24 - 2014-11-21 02:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-10 03:24 - 2014-11-21 01:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-10 03:24 - 2014-11-21 01:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-10 03:24 - 2014-11-21 01:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-12-10 03:24 - 2014-11-21 01:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-12-10 03:24 - 2014-11-21 01:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-12-10 03:24 - 2014-11-21 00:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-12-10 03:24 - 2014-11-20 22:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
    2014-12-10 03:24 - 2014-11-06 00:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-10 03:24 - 2014-11-05 23:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 03:24 - 2014-10-11 01:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-12-10 03:24 - 2014-10-10 23:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-12-10 03:24 - 2014-10-08 21:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
    2014-12-10 03:24 - 2014-10-08 21:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
    2014-12-10 03:24 - 2014-10-08 21:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
    2014-12-10 03:24 - 2014-09-21 23:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
    2014-12-10 03:24 - 2014-09-21 21:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
    2014-12-10 03:23 - 2014-10-30 01:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2014-12-10 03:23 - 2014-10-29 23:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2014-12-07 17:12 - 2014-12-14 17:05 - 00000000 ____D () C:\Users\l\Desktop\stuff
    2014-12-06 10:06 - 2014-12-06 10:06 - 08539604 _____ () C:\Users\l\Documents\Nutrition Focused Physical Exam-FINAL.pptx
    2014-12-06 10:05 - 2014-12-06 10:05 - 01685515 _____ () C:\Users\l\Documents\Health Care System and Malnutrition.pptx
    2014-12-02 19:32 - 2014-12-25 11:37 - 00000000 ___RD () C:\Users\l\iCloudDrive
    2014-12-02 19:32 - 2014-12-21 14:28 - 00000000 ____D () C:\Users\l\AppData\Local\6890C281-DA80-4394-B151-8612AAAF8F73.aplzod
    2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\Documents\Outlook Files
    2014-12-02 19:32 - 2014-12-02 19:32 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Inc
    2014-11-25 08:41 - 2014-11-25 08:41 - 00000188 _____ () C:\Users\l\Desktop\Bourbon Dork.url

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-25 12:18 - 2014-06-30 07:22 - 00000000 ____D () C:\FRST
    2014-12-25 12:16 - 2014-05-22 07:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
    2014-12-25 12:04 - 2014-11-12 22:15 - 00004950 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple
    2014-12-25 12:00 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru
    2014-12-25 11:54 - 2014-04-19 09:23 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
    2014-12-25 11:40 - 2012-07-26 01:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-25 11:39 - 2014-07-03 14:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-25 11:39 - 2013-03-22 11:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
    2014-12-25 11:37 - 2014-04-27 08:41 - 00371200 ___SH () C:\Users\l\Desktop\Thumbs.db
    2014-12-25 11:36 - 2014-04-27 08:23 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-25 11:36 - 2013-07-17 11:49 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
    2014-12-25 11:36 - 2013-07-17 11:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
    2014-12-25 11:36 - 2012-08-10 17:49 - 00406652 _____ () C:\windows\PFRO.log
    2014-12-25 11:36 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-25 11:32 - 2014-04-27 08:23 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-25 00:53 - 2014-04-19 09:14 - 01957967 _____ () C:\windows\WindowsUpdate.log
    2014-12-23 04:13 - 2014-04-20 16:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-12-21 16:37 - 2014-07-28 08:16 - 00000330 _____ () C:\windows\Tasks\HPCeeScheduleForl.job
    2014-12-21 14:34 - 2014-07-28 08:16 - 00003136 _____ () C:\windows\System32\Tasks\HPCeeScheduleForl
    2014-12-21 14:34 - 2014-04-19 09:13 - 00000000 ____D () C:\Users\l
    2014-12-21 14:33 - 2014-04-30 15:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
    2014-12-21 14:32 - 2014-04-30 15:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-12-21 12:25 - 2014-06-11 10:00 - 00000000 ____D () C:\AdwCleaner
    2014-12-21 08:49 - 2014-04-19 10:47 - 00124196 ____N () C:\windows\Minidump\122114-25453-01.dmp
    2014-12-20 12:34 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Users\l\AppData\Roaming\Malwarebytes
    2014-12-20 12:26 - 2014-05-26 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-12-20 12:10 - 2014-07-11 18:42 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2014-12-20 12:10 - 2014-06-30 07:21 - 02122240 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
    2014-12-17 16:32 - 2014-11-23 18:13 - 00000000 ____D () C:\Users\l\AppData\Roaming\Apple Computer
    2014-12-16 21:38 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
    2014-12-14 17:13 - 2012-07-26 01:21 - 00818283 _____ () C:\windows\setupact.log
    2014-12-12 22:11 - 2012-08-10 18:49 - 00000000 ____D () C:\windows\Panther
    2014-12-12 19:32 - 2014-04-19 09:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
    2014-12-12 11:32 - 2014-04-30 15:40 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-12 07:00 - 2014-09-24 09:57 - 00000000 ___HD () C:\$Windows.~BT
    2014-12-12 00:32 - 2014-11-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-12-12 00:32 - 2014-11-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-12-12 00:32 - 2014-11-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-12-12 00:32 - 2014-11-22 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-12-12 00:32 - 2014-10-28 15:16 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
    2014-12-12 00:32 - 2014-07-12 10:26 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-12 00:32 - 2014-07-06 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-12 00:32 - 2014-07-03 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-12-12 00:32 - 2014-04-30 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-12-12 00:32 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-12-12 00:32 - 2014-04-19 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-12-12 00:32 - 2014-04-19 09:13 - 00000000 ___RD () C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-12-12 00:32 - 2013-07-17 11:45 - 00000000 ____D () C:\windows\en
    2014-12-12 00:32 - 2013-07-17 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
    2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
    2014-12-12 00:32 - 2013-07-17 11:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-12 00:32 - 2013-07-17 11:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2014-12-12 00:32 - 2013-07-17 11:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
    2014-12-12 00:32 - 2013-07-17 11:27 - 00000000 ____D () C:\Program Files\Intel
    2014-12-12 00:32 - 2013-07-17 11:22 - 00000000 ____D () C:\Program Files (x86)\Intel
    2014-12-12 00:32 - 2012-08-10 17:52 - 00000000 ____D () C:\ProgramData\PRICache
    2014-12-12 00:32 - 2012-07-26 02:18 - 00000000 ____D () C:\windows\DigitalLocker
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files\Windows Sidebar
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ___SD () C:\Program Files (x86)\Windows Sidebar
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\spool
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\Recovery
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\NDF
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\MUI
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\Help
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AppCompat
    2014-12-12 00:32 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\WCN
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\SysWOW64\sysprep
    2014-12-12 00:32 - 2012-07-26 01:49 - 00000000 ____D () C:\windows\system32\WCN
    2014-12-12 00:32 - 2012-07-25 23:38 - 00000000 ____D () C:\windows\SysWOW64\SMI
    2014-12-12 00:15 - 2014-09-10 19:10 - 00000000 __SHD () C:\Recovery
    2014-12-11 22:30 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-12-11 22:02 - 2012-07-26 02:13 - 00006020 _____ () C:\windows\DtcInstall.log
    2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagwrn.xml
    2014-12-11 21:45 - 2014-09-03 09:46 - 00041913 _____ () C:\windows\diagerr.xml
    2014-12-11 21:44 - 2012-08-10 17:56 - 00013398 _____ () C:\windows\iis.log
    2014-12-11 21:43 - 2014-09-03 09:49 - 00003145 _____ () C:\windows\comsetup.log
    2014-12-11 21:43 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\registration
    2014-12-11 15:45 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-12-11 14:59 - 2014-10-16 16:24 - 00437360 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-12-11 07:32 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache
    2014-12-11 07:03 - 2014-06-10 07:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-11 06:55 - 2012-07-26 02:12 - 00000000 ___RD () C:\windows\ToastData
    2014-12-10 06:49 - 2014-04-20 17:10 - 00000000 ____D () C:\windows\system32\MRT
    2014-12-10 06:47 - 2014-04-20 17:10 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-12-02 19:31 - 2014-11-23 18:13 - 00000000 ____D () C:\Users\l\AppData\Local\Apple Computer
    2014-11-29 17:05 - 2014-11-04 12:01 - 00000000 ____D () C:\Users\l\AppData\Local\Windows Live
    2014-11-26 15:11 - 2014-10-16 11:19 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-26 15:11 - 2014-10-16 11:19 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-20 03:00

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
    Ran by l at 2014-12-25 12:19:05
    Running from C:\Users\l\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
    Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
    Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
    CustomCLSID: HKU\S-1-5-21-2497467096-1107912187-4260812050-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\l\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File

    ==================== Restore Points  =========================

    10-12-2014 06:44:18 Windows Update
    11-12-2014 13:19:38 Installed e-Sword.
    16-12-2014 21:38:23 Windows Update
    20-12-2014 12:40:31 Tweaking.com - Windows Repair

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 23:26 - 2014-12-25 11:32 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {01D1AEA2-D3E6-4F83-89FB-179CA941DD49} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {2074D266-16EF-443D-A537-7A04FA26D2C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {475A8B73-4C6A-4A71-9FE3-A16444BC7837} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
    Task: {5285A5FC-9C0B-4B05-80AA-C7B537CDDB26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
    Task: {7232C45B-0F67-4FC3-B0AC-ED65D5414393} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
    Task: {784C093C-5ABC-43A6-B057-D2206F601A9E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
    Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
    Task: {A981E902-DD74-4A81-8E7D-2A8244462A56} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
    Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
    Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
    Task: {CDDD90BD-9075-4B36-A9CB-74B048D77D8D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PURPLE-l purple => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
    Task: {D1329C4C-E6B3-4C12-86AB-E55904951995} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
    Task: {DEA98902-9691-4764-AE5C-C7987CD0003C} - System32\Tasks\HPCeeScheduleForl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\HPCeeScheduleForl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-05-04 15:15 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
    2014-11-19 13:56 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-25 11:31 - 2014-12-25 11:31 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122501\algo.dll
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-01-10 14:30 - 2013-01-10 14:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
    2013-03-22 11:06 - 2013-03-22 11:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
    2011-07-05 11:53 - 2011-07-05 11:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
    2013-01-10 14:35 - 2013-01-10 14:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
    2014-11-22 19:44 - 2014-11-22 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-07-17 11:33 - 2012-06-07 21:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-07-17 11:27 - 2013-01-23 17:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2014-11-19 13:55 - 2014-11-19 13:55 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2497467096-1107912187-4260812050-500 - Administrator - Disabled)
    Guest (S-1-5-21-2497467096-1107912187-4260812050-501 - Limited - Disabled)
    l (S-1-5-21-2497467096-1107912187-4260812050-1001 - Administrator - Enabled) => C:\Users\l

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/25/2014 00:16:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: jscript9.dll, version: 10.0.9200.17183, time stamp: 0x546ec683
    Exception code: 0xc0000005
    Fault offset: 0x00062694
    Faulting process id: 0x10e4
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (12/25/2014 11:33:15 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhostex (3468) An attempt to open the file "C:\Users\l\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/25/2014 11:19:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109dd0
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x000617b0
    Faulting process id: 0x6c04
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (12/25/2014 11:19:30 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109188
    Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
    Exception code: 0xc0000005
    Fault offset: 0x000617b0
    Faulting process id: 0x899c
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Faulting package full name: iexplore.exe4
    Faulting package-relative application ID: iexplore.exe5

    Error: (12/25/2014 11:16:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
    Faulting module name: igd10iumd32.dll, version: 9.18.10.2989, time stamp: 0x5106fc72
    Exception code: 0xc0000005
    Fault offset: 0x0000c2db
    Faulting process id: 0x534c
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (12/25/2014 03:02:25 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

    Error: (12/25/2014 03:02:19 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (12/25/2014 03:00:38 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

    Error: (12/25/2014 03:00:32 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

    Error: (12/25/2014 03:00:25 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.2.9200.16384, time stamp: 0x50109cdd
    Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ac20
    Exception code: 0xc0000005
    Fault offset: 0x0000000000025a1e
    Faulting process id: 0x3e74
    Faulting application start time: 0xrundll32.exe_aepdu.dll0
    Faulting application path: rundll32.exe_aepdu.dll1
    Faulting module path: rundll32.exe_aepdu.dll2
    Report Id: rundll32.exe_aepdu.dll3
    Faulting package full name: rundll32.exe_aepdu.dll4
    Faulting package-relative application ID: rundll32.exe_aepdu.dll5

    System errors:
    =============
    Error: (12/25/2014 11:36:13 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
    Description: 0xc000014d0

    Error: (12/25/2014 11:33:10 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (12/25/2014 11:32:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (12/25/2014 11:32:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The BsHelpCS service terminated unexpectedly.  It has done this 1 time(s).

    Error: (12/25/2014 11:32:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 1 time(s).

    Error: (12/25/2014 11:32:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (12/25/2014 11:32:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (12/25/2014 11:32:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (12/25/2014 11:32:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (12/25/2014 11:32:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Audio Service service terminated unexpectedly.  It has done this 1 time(s).

    Microsoft Office Sessions:
    =========================
    Error: (12/25/2014 00:16:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE10.0.9200.17183546ebc2ajscript9.dll10.0.9200.17183546ec683c00000050006269410e401d02069c69cb155C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\jscript9.dll22d3c461-8c62-11e4-bec3-0c84dc3bd976

    Error: (12/25/2014 11:33:15 AM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhostex3468C:\Users\l\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

    Error: (12/25/2014 11:19:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe10.0.9200.1718350109dd0ntdll.dll6.2.9200.1704653b485c4c0000005000617b06c0401d02066f19a6674C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll31ea1510-8c5a-11e4-bec1-0c84dc3bd976

    Error: (12/25/2014 11:19:30 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe10.0.9200.1718350109188ntdll.dll6.2.9200.1704653b485c4c0000005000617b0899c01d02066f0f1c5ecC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dll2f4254a6-8c5a-11e4-bec1-0c84dc3bd976

    Error: (12/25/2014 11:16:42 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE10.0.9200.17183546ebc2aigd10iumd32.dll9.18.10.29895106fc72c00000050000c2db534c01d020661cb6f888C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\igd10iumd32.dllcb01df13-8c59-11e4-bec1-0c84dc3bd976

    Error: (12/25/2014 03:02:25 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

    Error: (12/25/2014 03:02:19 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

    Error: (12/25/2014 03:00:38 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

    Error: (12/25/2014 03:00:32 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

    Error: (12/25/2014 03:00:25 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rundll32.exe_aepdu.dll6.2.9200.1638450109cddmsvcrt.dll7.0.9200.163845010ac20c00000050000000000025a1e3e7401d020212a84aa76C:\windows\system32\rundll32.exeC:\windows\system32\msvcrt.dll769c5ba3-8c14-11e4-bec1-0c84dc3bd976

    CodeIntegrity Errors:
    ===================================
      Date: 2014-07-02 16:03:45.621
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-07-02 16:03:45.590
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-17 08:12:37.871
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-05-17 08:12:37.840
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-04-30 16:32:03.045
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
    Percentage of memory in use: 17%
    Total physical RAM: 12207.45 MB
    Available physical RAM: 10125.22 MB
    Total Pagefile: 12607.45 MB
    Available Pagefile: 10667.73 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1843.23 GB) (Free:1790.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================


    Edited by wilma1313, 25 December 2014 - 01:13 PM.


    #15 ken545


    Posted 25 December 2014 - 08:47 PM

    You have both Norton Internet Security and Avast installed. Microsoft recommends just one antivirus program; more than one is overkill and will hamper system performance. It's your call, but you need to uninstall one.

     

    You can use this app to uninstall the one you want

     

     
    Run AppRemover
     
    Vista, Win 7 users: right-click on the icon and select "run as administrator"
     
    Please download AppRemover and save it to your desktop.
    • Double click on AppRemover.exe to run it.
    • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
    • Click on the Next button.
    • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. 
    • Click on the Next button.
    • A scan begins, please wait. Once done, click on the Next button.
    • Now you should have a list of your installed security programs. Choose the one you want to uninstall and click on the Next button.
    • Follow the last step and reboot if asked to do so.
     


     
     
     
     
    Just a reminder that threads will be closed if no reply in 3 days.
